Cloud Security

Authors:

R. M. Sashen Oshada, S. P. J. Yapa, A.W.M Mahith Thejaka Abeysinghe,
M. M. Murshid, M. Akthar Kuthubdeen, R. M. Dhanuka Rajapaksa

Published on:

2024 April 8

Cloud security, sometimes referred to as cloud computing security, is a group of security controls intended to safeguard data, apps, and infrastructure that are hosted on the cloud. These safeguards provide data privacy protection, data and resource access management, and user and device authentication. Security measures are divided into three categories:

Security dependent on providers: Cloud service providers protect the physical data centers and network architecture by implementing infrastructure-level security measures. Firewalls, penetration testing, obfuscation, tokenization, virtual private networks (VPN), and avoiding public internet connections are some of the techniques used to provide cloud security. Cloud data security shields data that is being moved into and out of the cloud (in motion) or stored (at rest) from security risks, theft, and corruption. Given the complexity of cloud security, a well-thought-out and well-supported architecture is essential.

Among the hazards are the possibility of unmanaged devices accessing data, the absence of a traditional network border to defend, and complex security issues like advanced persistent threats (APTs). As 2024 approaches, cloud security will be a key component of corporate strategy. According to the Cost of a Data Breach Report 2023, 82% of breaches involved data stored in the cloud, and 45% of breaches were cloud-based. Many businesses think that a private cloud is a safer place for their sensitive data. But public clouds have historically been more secure, since the majority are managed by security professionals who are aware of cloud security issues and know how to resolve them.

Difficulties with cloud security include insufficient visibility, multiple tenants, control over access and shadow IT, adherence to regulations, and incorrect setups.

Zero Trust Security

Zero Trust security is a cloud security model. It requires verification from anybody attempting to access network resources, as no one is trusted by default, whether inside or outside the network. The five complementary areas of work (pillars) that make up CISA’s zero trust model are Identity, Devices, Networks, Applications and Workloads, and Data. These must all be accomplished to establish a zero-trust model. A zero-trust network is made up of three essential parts: trust, device authentication, and user/application authentication. For instance, a new hire does not initially have access to any systems when they first join the organization, and neither does a new service account when it is created.

In the face of a network that is perceived as compromised, zero trust offers a set of principles and ideas intended to reduce uncertainty in enforcing precise, least privilege per-request access decisions in information systems and services. The zero-trust security paradigm, commonly referred to as perimeterless security or zero trust architecture (ZTA), is a methodology for the planning, development, and deployment of IT systems. According to research by global technology corporation Cisco, about 90% of enterprises have started implementing zero-trust security, but many still have a long way to go. The most common barriers to implementing Zero Trust were senior management’s lack of support and ignorance of the concept. The upshot is that, according to Gartner, more than half of companies will not be able to reap the rewards of zero trust. The expenses for establishing a zero-trust approach include the time the organization spends planning such a complex project, the time it takes for each team within the organization to assist in classifying their data, and the time it takes users. These costs are in addition to the cost of purchasing and implementing solutions that cover the entire attack surface.
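
The per-request, least-privilege decision described above can be sketched as a small policy check. This is an added example, not code from the article or from CISA; the grant table, device inventory, field names and the 15-minute re-authentication window are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed policy: explicit grants only. A principal with no entry
# (a new hire, a fresh service account) can reach nothing.
GRANTS = {
    ("alice", "payroll-db"): {"read"},
    ("svc-backup", "payroll-db"): {"read"},
}
MANAGED_DEVICES = {"laptop-01", "backup-host-01"}  # constructed inventory
MAX_AUTH_AGE = timedelta(minutes=15)  # assumed re-authentication window


@dataclass(frozen=True)
class Request:
    principal: str          # user or service account
    authenticated: bool     # user/application authentication result
    auth_time: datetime     # when that authentication happened
    device_id: str
    device_compliant: bool  # device authentication / posture result
    resource: str
    action: str
    source_ip: str          # kept for audit; never used to grant trust


def decide(req, now):
    """Evaluate a single request; return (allowed, reason). Default is deny."""
    if not req.authenticated:
        return False, "principal not authenticated"
    age = now - req.auth_time
    if age < timedelta(0) or age > MAX_AUTH_AGE:
        return False, "authentication too old"
    if req.device_id not in MANAGED_DEVICES or not req.device_compliant:
        return False, "device not trusted"
    # Least privilege: the exact (principal, resource, action) must be granted.
    if req.action not in GRANTS.get((req.principal, req.resource), set()):
        return False, "no explicit grant"
    return True, "explicit grant"


if __name__ == "__main__":
    now = datetime(2024, 4, 8, 12, 0, tzinfo=timezone.utc)
    new_hire = Request("bob", True, now, "laptop-01", True,
                       "payroll-db", "read", "10.0.0.5")
    print(decide(new_hire, now))
```

The source address is deliberately ignored by `decide`: a request from an internal IP range is evaluated exactly like one from outside the network.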

Strategies to shield from cloud security threats